ComboFix 13-07-04.01 - sklep 2013-07-04 17:11:10.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.4029.2010 [GMT 2:00]
Uruchomiony z: c:\users\sklep\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Utworzono nowy punkt przywracania
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6261\AddOnDownloaded\1a3879e8-dfe0-4d00-87f6-f2db19ac1eee.dll
c:\programdata\PCDr\6261\AddOnDownloaded\1f7e3200-2791-441e-8615-1258d84e5f61.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31e827f4-bf26-41e4-9984-6422402c51da.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3648a8b0-3389-4840-be40-db026cb0b248.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3820d79a-0389-4fd9-b10c-00d2774e8996.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5e1499b7-780b-4b0e-8240-0221e699a647.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7a273375-a427-45b1-8925-a4fd3312f55b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\958decf6-f105-42b7-b2b8-ecb97b06448b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ab0b7706-a6c8-49aa-9f56-0787e2a45b0b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b3ef58a2-77e9-414a-b8f6-b8cbbf497383.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b9659de3-009a-489a-9910-f3747d7d70c2.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6261\AddOnDownloaded\c088a81a-a965-4da7-8b79-eda53ddfa390.dll
c:\programdata\PCDr\6261\AddOnDownloaded\dfd672c1-69ab-446f-b44e-a23e9b8c7410.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f6023957-62a3-406c-842a-e25d2b71072a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\L\00000004.@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\L\201d3dde
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\L\6715e287
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\L\76603ac3
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\U\00000004.@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\U\00000008.@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\U\000000cb.@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\U\80000000.@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\U\80000032.@
c:\windows\Installer\{f5ce5a49-3400-f769-2a0a-d3cdcda7ac68}\U\80000064.@
c:\windows\system\QTIM32.DLL
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\SET830.tmp
.
Zainfekowana kopia c:\windows\system32\services.exe została znaleziona. Problem naprawiono
Plik odzyskano z - c:\windows\ERDNT\cache64\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-06-04 do 2013-07-04 )))))))))))))))))))))))))))))))
.
.
2013-07-04 15:53 . 2013-07-04 15:53 -------- dc----w- c:\users\Public\AppData\Local\temp
2013-07-04 15:53 . 2013-07-04 15:53 -------- dc----w- c:\users\Default\AppData\Local\temp
2013-07-04 02:15 . 2013-07-04 02:15 -------- dc----w- c:\program files (x86)\LogMeIn Hamachi
2013-07-01 08:32 . 2006-06-19 11:01 69632 -c--a-w- c:\windows\SysWow64\ztvcabinet.dll
2013-07-01 08:32 . 2006-05-25 13:52 162304 -c--a-w- c:\windows\SysWow64\ztvunrar36.dll
2013-07-01 08:32 . 2005-08-25 23:50 77312 -c--a-w- c:\windows\SysWow64\ztvunace26.dll
2013-07-01 08:32 . 2003-02-02 18:06 153088 -c--a-w- c:\windows\SysWow64\UNRAR3.dll
2013-07-01 08:32 . 2002-03-05 23:00 75264 -c--a-w- c:\windows\SysWow64\unacev2.dll
2013-07-01 08:32 . 2013-07-04 15:05 -------- dc----w- c:\program files (x86)\Trojan Remover
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\users\sklep\AppData\Local\Programs
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\users\sklep\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\windows\SysWow64\searchplugins
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\windows\SysWow64\Extensions
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\programdata\BrowserDefender
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\users\sklep\AppData\Roaming\BabSolution
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\users\sklep\AppData\Roaming\Babylon
2013-07-01 08:26 . 2013-07-01 08:26 -------- dc----w- c:\programdata\Babylon
2013-06-30 23:56 . 2013-06-30 23:56 -------- dcsh--w- c:\windows\SysWow64\%APPDATA%
2013-06-28 11:56 . 2013-06-28 17:36 -------- dc----w- c:\users\sklep\AppData\Roaming\Rovio Entertainment Ltd
2013-06-25 15:16 . 2013-06-28 16:48 -------- dc----w- c:\program files (x86)\Telltale Games
2013-06-24 15:32 . 2013-06-24 15:32 -------- dcsh--w- c:\windows\ftpcache
2013-06-20 19:39 . 2013-06-20 19:40 1409 -c--a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-04 16:07 . 2013-07-04 16:07 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0BB3030-C801-46E8-B3C5-1816B23A1FC5}\offreg.dll
2013-07-01 00:02 . 2012-04-07 16:21 692104 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-01 00:02 . 2011-12-01 15:13 71048 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-10-13 21:19 278800 -c----w- c:\windows\system32\MpSigStub.exe
2013-04-29 18:20 . 2012-02-28 20:23 165232 -c-ha-w- c:\users\sklep\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-04-29 18:19 . 2010-10-04 19:13 21052 -c--atw- c:\windows\SysWow64\SIntfNT.dll
2013-04-29 18:19 . 2010-10-04 19:13 15144 -c--atw- c:\windows\SysWow64\SIntf32.dll
2013-04-29 18:19 . 2010-10-04 19:13 12067 -c--atw- c:\windows\SysWow64\SIntf16.dll
2010-07-08 08:37 . 2010-07-08 08:37 101544 -c--a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"= "c:\program files (x86)\StartSearch plugin\ssBarLcher.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{7ac3e13b-3bca-4158-b330-f66dbb03c1b5}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1]
[HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}]
[HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Argus Monitor"="c:\program files (x86)\ArgusMonitor\ArgusMonitor.exe" [2012-08-06 1762504]
"SoniqueQuickStart"="c:\program files (x86)\Sonique\sqstart.exe" [2011-05-27 44832]
"ModemOnHold"="c:\program files (x86)\NetWaiting\netWaiting.exe" [2007-05-10 26144]
"WirelessManager"="c:\program files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe" [2009-11-26 175616]
"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2011-08-16 1379840]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-01-15 296056]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2010-07-19 71216]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-12-12 50688]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-12-12 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys;c:\windows\SYSNATIVE\DRIVERS\bdfm.sys [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zlportio;zlportio;c:\program files (x86)\UltraStar\zlportio.sys;c:\program files (x86)\UltraStar\zlportio.sys [x]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys;c:\windows\SYSNATIVE\drivers\sfdrv01a.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe;c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 ArgusMonitor;ArgusMonitor kernel mode driver;SysWOW64\drivers\ArgusMonitor.sys;SysWOW64\drivers\ArgusMonitor.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-22 c:\windows\Tasks\DriverEasy Scheduled Scan.job
- c:\program files\Easeware\DriverEasy\DriverEasy.exe [2011-11-22 11:38]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081826087-927070240-1253586494-1000Core.job
- c:\users\sklep\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 21:58]
.
2013-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1081826087-927070240-1253586494-1000UA.job
- c:\users\sklep\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 21:58]
.
2013-07-02 c:\windows\Tasks\ReclaimerUpdateFiles_sklep.job
- c:\users\sklep\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13 13:22]
.
2013-07-02 c:\windows\Tasks\ReclaimerUpdateXML_sklep.job
- c:\users\sklep\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13 13:22]
.
2013-07-04 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_sklep.job
- c:\users\sklep\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-13 13:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"rfagent"="c:\program files\RFA 8\rfagent64.exe" [2012-01-27 3145864]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2010-07-19 76360]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2010-07-28 1967976]
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uLocal Page = c:\program files (x86)\Mplayer\Assets\Blank.htm
mStart Page = about:blank
mLocal Page = c:\program files (x86)\Mplayer\Assets\Blank.htm
IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\sklep\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
Toolbar-Locked - (no file)
Toolbar-{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vcvIsaaxyAA="
"DATA2"=""
.
[HKEY_USERS\S-1-5-21-1081826087-927070240-1253586494-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,bd,e0,70,02,d8,92,03,c8,6f,1b,5a,02,e9,a3,4f,3b,43,d3,04,63,5a,2a,
   e9,27,b1,75,6c,b6,ee,2c,be,6e,c7,2f,24,dc,e5,9b,c9,22,36,17,c6,1d,e5,84,27,\
"??"=hex:5b,d3,17,b5,4d,20,03,b3,4a,7d,2f,ab,33,9a,97,76
.
[HKEY_USERS\S-1-5-21-1081826087-927070240-1253586494-1000\Software\SecuROM\License information*]
"datasecu"=hex:88,bb,df,0a,ec,c7,b7,93,b8,0e,2d,2d,33,b9,97,a4,c3,ab,93,81,9e,
   30,59,65,73,d0,1c,a7,52,18,77,53,01,1a,5e,ce,20,83,6e,b3,12,5f,12,96,c9,34,\
"rkeysecu"=hex:74,99,c8,d2,9d,75,75,47,0c,fe,9a,dd,80,49,04,fc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Czas ukończenia: 2013-07-04 18:18:04 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2013-07-04 16:17
ComboFix2.txt 2013-04-06 09:03
ComboFix3.txt 2011-11-24 23:23
.
Przed: 11 929 206 784 bajtów wolnych
Po: 12 045 025 280 bajtów wolnych
.
- - End Of File - - E32D46C218CAA69BC3CFA37BDE74ACCA
D41D8CD98F00B204E9800998ECF8427E